Re: [whimsy] branch master updated: resync config/whimsy.conf

Tue, 19 Oct 2021 02:19:37 -0700 

On Wed, 13 Oct 2021 at 13:49, Sam Ruby <ru...@intertwingly.net> wrote:
>
> I ran https://github.com/apache/whimsy/blob/master/tools/mkconf.rb,
> which in turn executes:
>
> ssh whimsy.apache.org cat /etc/apache2/sites-enabled/*-whimsy-vm-443.conf
>
> patches welcome, either to infra-p6, or to the mkconf script :-)

I added a PR for Whimsy:

https://github.com/apache/infrastructure-p6/pull/881

Would you be able to review that please?

> - Sam Ruby
>
> On Wed, Oct 13, 2021 at 6:47 AM sebb <seb...@gmail.com> wrote:
> >
> > On Tue, 12 Oct 2021 at 23:51, <ru...@apache.org> wrote:
> >
> > > This is an automated email from the ASF dual-hosted git repository.
> > >
> > > rubys pushed a commit to branch master
> > > in repository https://gitbox.apache.org/repos/asf/whimsy.git
> > >
> > >
> > > The following commit(s) were added to refs/heads/master by this push:
> > >      new d3cd998  resync config/whimsy.conf
> > > d3cd998 is described below
> > >
> > > commit d3cd998e133b164da6638fa3ab78aab6acf465e5
> > > Author: Sam Ruby <ru...@intertwingly.net>
> > > AuthorDate: Tue Oct 12 18:51:03 2021 -0400
> > >
> > >     resync config/whimsy.conf
> > > ---
> > >  config/whimsy.conf | 95
> > > +++++++++++++++---------------------------------------
> > >  tools/mkconf.rb    |  2 +-
> > >  2 files changed, 27 insertions(+), 70 deletions(-)
> > >
> > > diff --git a/config/whimsy.conf b/config/whimsy.conf
> > > index a601cec..329473b 100644
> > > --- a/config/whimsy.conf
> > > +++ b/config/whimsy.conf
> > > @@ -2,7 +2,7 @@
> > >  # Vhost template in module puppetlabs-apache
> > >  # Managed by Puppet
> > >  # ************************************
> > > -
> > > +#
> > >  <VirtualHost *:80>
> > >    ServerName whimsy.local
> > >
> > > @@ -23,19 +23,15 @@
> > >    CustomLog "/var/log/apache2/whimsy_access.log" combined
> > >
> > >    ## Server aliases
> > > -  ## ServerAlias whimsy-test.apache.org
> > > -  ## ServerAlias whimsy4.apache.org
> > > -  ## ServerAlias whimsy-vm4.apache.org
> > > +  ## ServerAlias whimsy6.apache.org
> > > +  ## ServerAlias whimsy.apache.org
> > >
> > >    ## Custom fragment
> > >
> > > -SetEnv PATH /usr/local/bin:${PATH}
> > > +## Needed? SetEnv PATH /usr/local/rvm/wrappers/ruby-2.7:${PATH}
> > >
> > >  PassengerFriendlyErrorPages on
> > >
> > > -PassengerUser www-data
> > > -PassengerGroup www-data
> > > -
> > >  AddCharset UTF-8 .json
> > >
> > >  ExpiresActive On
> > > @@ -52,6 +48,10 @@ ExpiresActive On
> > >    </FilesMatch>
> > >  </Directory>
> > >
> > > +<Directory /srv/whimsy/www/.well-known/acme-challenge>
> > > +  Require all granted
> > > +</Directory>
> > > +
> > >  <Directory /srv/whimsy/www/public/>
> > >    Header add Access-Control-Allow-Origin "*"
> > >    Options +Indexes
> > > @@ -80,6 +80,7 @@ RedirectMatch permanent ^/officers/public_names
> > > /secretary/public-names
> > >
> > >  # redirect obsolete mailing list request form to replacement application
> > >  RedirectMatch permanent ^/officers/mlreq
> > > https://selfserve.apache.org/mail.html
> > > +
> > >  ProxyPass "/board/agenda/websocket/"  "ws://localhost:34234/"
> > >
> > >  # We now have local custom error pages
> > > @@ -141,10 +142,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Committers"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >
> >
> > Why drop the eu host?
> > Not all developers are US-located, even though the live server may be.
> >
> >
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
> > >  </LocationMatch>
> > >
> > > @@ -152,10 +152,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Committers"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >
> >
> > Why drop this?
> > It should speed up LDAP checks.
> >
> >
> > >    Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
> > >  </Directory>
> > >
> > > @@ -163,10 +162,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Committers"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
> > >  </Directory>
> > >
> > > @@ -174,10 +172,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Committers"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
> > >  </Directory>
> > >
> > > @@ -185,10 +182,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Committers"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
> > >  </Directory>
> > >
> > > @@ -196,10 +192,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Members and Incubator PMC"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
> > >  </LocationMatch>
> > >
> > > @@ -207,10 +202,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Members and Incubator PMC"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
> > >  </LocationMatch>
> > >
> > > @@ -218,10 +212,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Members and Officers"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
> > >  </Directory>
> > >
> > > @@ -229,10 +222,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Members and Officers"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
> > >  </Directory>
> > >
> > > @@ -240,10 +232,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Members and Officers"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
> > >  </Directory>
> > >
> > > @@ -251,10 +242,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Members and Officers"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require expr %{REQUEST_URI} == '/board/agenda/app.js'
> > >    Require expr %{REQUEST_URI} == '/board/agenda/app.js.map'
> > >    Require expr %{REQUEST_URI} =~ m#^/board/agenda/.*\.js\.rb$#
> > > @@ -269,10 +259,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Members"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute memberUid
> > >    AuthLDAPGroupAttributeIsDN off
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require ldap-group cn=member,ou=groups,dc=apache,dc=org
> > >  </Directory>
> > >
> > > @@ -280,10 +269,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Members"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute memberUid
> > >    AuthLDAPGroupAttributeIsDN off
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require ldap-group cn=member,ou=groups,dc=apache,dc=org
> > >  </Directory>
> > >
> > > @@ -291,10 +279,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Members"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute memberUid
> > >    AuthLDAPGroupAttributeIsDN off
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require ldap-group cn=member,ou=groups,dc=apache,dc=org
> > >  </Directory>
> > >
> > > @@ -302,10 +289,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Infrastructure Team"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    Require ldap-group
> > > cn=infrastructure,ou=groups,ou=services,dc=apache,dc=org
> > >  </Directory>
> > >
> > > @@ -313,10 +299,9 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Secretarial Team"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    <RequireAny>
> > >      Require ldap-group
> > > cn=asf-secretary,ou=groups,ou=services,dc=apache,dc=org
> > >      Require ldap-group cn=apldap,ou=groups,ou=services,dc=apache,dc=org
> > > @@ -327,41 +312,13 @@ Alias /project/icla/
> > > /srv/whimsy/www/project/icla/public
> > >    AuthType Basic
> > >    AuthName "ASF Secretarial Team"
> > >    AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > +  AuthLDAPUrl "ldaps://
> > > ldap-us-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > >    AuthLDAPGroupAttribute member
> > >    AuthLDAPGroupAttributeIsDN on
> > > -  AuthLDAPMaxSubGroupDepth 0
> > >    <RequireAny>
> > >      Require ldap-group
> > > cn=asf-secretary,ou=groups,ou=services,dc=apache,dc=org
> > >      Require ldap-group cn=apldap,ou=groups,ou=services,dc=apache,dc=org
> > >    </RequireAny>
> > >  </LocationMatch>
> > >
> > > -<Directory /srv/whimsy/www/test/member>
> > > -  AuthType Basic
> > > -  AuthName "ASF Members"
> > > -  AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > -  Require ldap-alias-member
> > > -</Directory>
> > > -
> > > -<Directory /srv/whimsy/www/test/incubator>
> > > -  AuthType Basic
> > > -  AuthName "Incubator PMC"
> > > -  AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > -  Require ldap-alias-incubator-pmc
> > > -</Directory>
> > > -
> > > -<Directory /srv/whimsy/www/test/member-incubator>
> > > -  AuthType Basic
> > > -  AuthName "ASF Members and Incubator PMC"
> > > -  AuthBasicProvider ldap
> > > -  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636
> > > ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
> > > -  <RequireAny>
> > > -    Require ldap-alias-member
> > > -    Require ldap-alias-incubator-pmc
> > > -  </RequireAny>
> > > -</Directory>
> > > -
> > >  </VirtualHost>
> > > diff --git a/tools/mkconf.rb b/tools/mkconf.rb
> > > index d81190e..fb8404b 100755
> > > --- a/tools/mkconf.rb
> > > +++ b/tools/mkconf.rb
> > > @@ -16,7 +16,7 @@ else
> > >  end
> > >
> > >  conf.sub! 'VirtualHost *:443', 'VirtualHost *:80'
> > > -conf.sub! 'ServerName whimsy.apache.org', 'ServerName whimsy.local'
> > > +conf.sub! /ServerName whimsy(.*?)\.apache\.org/, 'ServerName 
> > > whimsy.local'
> > >
> > >  conf.gsub! 'ServerAlias', '## ServerAlias'
> > >
> > >

Reply via email to